Password reset in tvheadend access control
#1
On my Rasp pi running openelec I decided to alter the access control in TVHeadend, but managed to lock myself out. I can only log in and see the EPG.
I have read many many posts about editing the file in /home/hts/.hts/tvheadend/accesscontrol
I am newish to linux and using putty and winsc I cannot find any of these folders, can some one please explain where they are

Thanks
Reply
#2
I am logging in as root, should I be logging in as hts or something else. Not sure of passwords for any other log ins
Reply
#3
They'll be in a different place in OpenELEC - that's the default path on a 'full fat' Linux distro, but OE handles everything through addons, so is different. The files will be under /storage/.kodi/addons/service.multimedia.tvheadend or something like that.

If you connect through putty, try find ~ -name *tvheadend* -print

... and see what it tells you. That will search from your home directory - so everything you can read/write to normally (the OS is read only in OpenELEC) - and will print out anything that has "tvheadend" in the file/directory name.
Reply
#4
Brilliant, Thankyou, I did a further search for accesscontrol and found two files in it here:

/storage/.kodi/userdata/addon_data/service.multimedia.tvheadend/accesscontrol

I expected them to be named 1 and 2 etc but they are named:

41693d2007e2bb60af676fcc20a38600 and d6b649ca85e72cf2cc4169f79db98dee

Contents are similar except for the user name and password

{
"index": 1,
"enabled": true,
"username": "*",
"password2": "VFZIZWFkZW5kLUhpZGUtKg==",
"prefix": "0.0.0.0/0,::/0",
"streaming": true,
"adv_streaming": true,
"htsp_streaming": true,
"profile": "97daf09c5e4222a662737725fbaf43f8",
"dvr": true,
"htsp_dvr": true,
"all_dvr": true,
"all_rw_dvr": true,
"dvr_config": "",
"webui": true,
"admin": false,
"conn_limit": 2,
"channel_min": 0,
"channel_max": 0,
"channel_tag": "",
"comment": "Default access entry"
}

I have used vi and changed admin from false to true in the one below but now it will not let me log in with the username and password, whereas it did before I changed the admin to true.The password is not what I entered and used previously, it has changed it to that, but will not let me in even if I use it.

OpenELEC:~/.kodi/userdata/addon_data/service.multimedia.tvheadend/accesscontrol # cat 41693d2007e2bb60af676fcc20a38600
{
"index": 0,
"enabled": true,
"username": "gowzel",
"password2": "VFZIZWFkZW5kLUhpZGUtMWhhbWFjbGFzcw==",
"prefix": "0.0.0.0/0",
"streaming": true,
"adv_streaming": true,
"htsp_streaming": true,
"profile": "97daf09c5e4222a662737725fbaf43f8",
"dvr": true,
"htsp_dvr": true,
"all_dvr": true,
"all_rw_dvr": true,
"dvr_config": "d64646bf1375c483d10005092565b7f6",
"webui": true,
"admin": false,
"conn_limit": 0,
"channel_min": 0,
"channel_max": 0,
"channel_tag": "",
"comment": "New entry"
}
Reply
#5
The passwords are hashed, so they're no longer simple strings.

You should also have a 'superuser' file there somewhere - most likely in ~/.kodi/userdata/addon_data/service.multimedia.tvheadend - readable only to root. That has a very simple username/password structure - make a note of those, or edit them as needed.

Clear your brower's cache and delete any cookies from your tvheadend server, then reload the page... it should prompt you for credentials, and you should be able to get in using the superuser ones.

Once in, you can now change the access control rules or user passwords as needed (which will then change te accesscontrol files).
Reply
#6
First: do not kill your entire setup! Such a hint is ... not so good.
Second: do not add or edit a "password": "SuperSecret", line. This is outdated since TvHeadend version (Huh) don't remember.

Some basics:
To see, what password is hidden in "VFZIZWFkZW5kLUhpZGUtKg==", just type in any linux bash:
Quote:echo -n 'VFZIZWFkZW5kLUhpZGUtKg==' | base64 -d ; echo -e '\n'

then ignore the prefix 'TVHeadend-Hide-'

The other way around (I just did it in 03/2018 with 4.2.5-43):
My password is, say, 'SuperSecret'.
Quote:echo -n 'TVHeadend-Hide-SuperSecret' | base64
VFZIZWFkZW5kLUhpZGUtU3VwZXJTZWNyZXQ=
next, I locate the credentials file for the user "pumuckl" which I need to fix:
Quote:grep -l 'pumuckl' /home/hts/.hts/tvheadend/accesscontrol/*
/home/hts/.hts/tvheadend/accesscontrol/ae91795e1110ddce8e6799ac7f93863e
# call an editor with this file:
sudo nano $(grep -l 'pumuckl' /home/hts/.hts/tvheadend/accesscontrol/*)

there, I locate the line
"username": "pumuckl",

and check, if it already has a "password2" line, or not.
In my case I had to add and edit:
Quote:    "username": "pumuckl",
    "password2": "VFZIZWFkZW5kLUhpZGUtU3VwZXJTZWNyZXQ=",
    "webui": true,
    "admin": true,
(do not forget the comma ad indent the line with a starting tab character)

a final
sudo service tvheadend restart
was required under 'buntu. Voilá, TvHeadend web control now lets me in with credentials "pumuckl" and "SuperSecret"

HTH,
LM
Reply

Logout Mark Read Team Forum Stats Members Help
Password reset in tvheadend access control0